tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregor Schneider" <>
Subject Re: Modifying saved URL from j_security_check
Date Wed, 09 Aug 2006 18:18:44 GMT
Hi Mark,

something really, really strange is happening here: As you suggested, I've
subclassed org.apache.catalina.authenticator.FormAuthenticator, patched the in catalina.jar, however, my own Authenticator is
not being used.
Strange though, since if I delete my jar where my Authenticator resides from
server/lib, Tomcat won't start up grumping that my class is missing...

I've overwritten the methods invoke(), where I'm just throwing an Exception
(to make sure that my class is really triggered as a 1st try), also I've
overwritten the method restoreRequest() and authenticate() - none of the
methods gets hit.

Do you have any idea what I'm missing here?

Below is my code (short & simple):



import java.util.Iterator;
import java.util.Locale;

import javax.servlet.ServletException;
import javax.servlet.http.Cookie;

import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Request;
import org.apache.catalina.Response;
import org.apache.catalina.Session;
import org.apache.catalina.ValveContext;
import org.apache.catalina.authenticator.Constants;
import org.apache.catalina.authenticator.SavedRequest;
import org.apache.catalina.deploy.LoginConfig;

public class FormAuthenticator extends
        org.apache.catalina.authenticator.FormAuthenticator {

     * Enforce the security restrictions in the web application deployment
     * descriptor of our associated Context.
     * @param request Request to be processed
     * @param response Response to be processed
     * @param context The valve context used to invoke the next valve
     *  in the current processing pipeline
     * @exception IOException if an input/output error occurs
     * @exception ServletException if thrown by a processing element
    public void invoke(Request request, Response response,
                       ValveContext context)
        throws IOException, ServletException {

        System.out.println("******** inside own invoke ********");
        throw new ServletException("Inside invoke");

     * Authenticate the user making this request, based on the specified
     * login configuration.  Return <code>true</code> if any specified
     * constraint has been satisfied, or <code>false</code> if we have
     * created a response challenge already.
     * @param request Request we are processing
     * @param response Response we are creating
     * @param config    Login configuration describing how authentication
     *              should be performed
     * @exception IOException if an input/output error occurs
    public boolean authenticate(HttpRequest request,
                                HttpResponse response,
                                LoginConfig config)
        throws IOException {

        System.out.println ("*********** inside own authenticate ********");
        return super.authenticate(request, response, config);

     * Restore the original request from information stored in our session.
     * If the original request is no longer present (because the session
     * timed out), return <code>false</code>; otherwise, return
     * <code>true</code>.
     * @param request The request to be restored
     * @param session The session containing the saved information
    protected boolean restoreRequest(HttpRequest request, Session session) {

        System.out.println("********* inside own restore *********");
        return super.restoreRequest(request, session);


This is the content of my




I thought that maybe the reason for this might be that we're running in
SSL-mode, however, same behaviour when using pure http....

FYI: Tomcat 5.0.28, Suse Linux 9.1


what's puzzlin' you, is the nature of my game

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message